BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

LinkedIn iOS App Grabs Names, Emails And Notes From Your Calendar

This article is more than 10 years old.

Image via CrunchBase

If you've got the LinkedIn app installed on your iPhone or iPad, and you've given it permission to access your calendar then you've also, unwittingly, given it permission to harvest everything you're doing for the next few days from your device’s calendar and send it back to the company.

Security researchers Yair Amit and Adi Sharabani for  Skycure Security, speaking to TheNextWeb, claim that if you give the LinkedIn app permission to access your calendar, every entry in your calendar for the next five days is collected and send back to the company's servers. This includes meeting notes, organizer names, attendee names, times and any notes attached to the calendar entry.

While access to the calendar is on an opt-in/opt-out basis, the app doesn't inform the user that all this data will be harvested and sent to LinkedIn.

What's more, this information is sent to LinkedIn in an unencrypted, plain-text form. This could allow the information to be intercepted when transmitted over an unsecured WiFi connection or a public WiFi connections such as those found at coffee shops. This is shockingly poor security.

LinkedIn claim that its Privacy Policy and User Agreement covered this kind of data transmission. The researchers on the other hand by say that, according to their understanding, LinkedIn’s "privacy policy does not cover collecting and sending this type of sensitive information".

There's no indication that LinkedIn is doing anything bad with this information, but it is scary the amount of data that this potentially gives them access to.

This is the problem with apps -- and for that matter any application in general. They're black boxes and a lot goes on behind the scenes that we're not aware of. Giving an app permission to access your data is mostly a trust thing. You trust that the company is being responsible in the data they are accessing and that they are keeping it safe. Accessing everything in your calendar for the next five days and transmitting it in unencrypted form across the internet doesn't feel like LinkedIn is being responsible to me.

There's very little that users can do to protect themselves from this sort of snooping. They can take care as to what apps they install and limit them to those from trusted sources, and they can be careful as to what permissions they give to specific apps, but none of this would protect you from this data leak. The LinkedIn app is certainly from a trusted source, and the app doesn't make it clear what data it is accessing and for what purpose. It certainly doesn't inform you that your entire schedule for the next week is being transmitted in plain text over the internet.